Build Docker Base Image for CentOS 7.x

… (with tweak for running without nested virtualization)

Environment Setup

Linux VM – CentOS 7.3 Minimal
– SELINUX Disabled
– Firewall Disabled

Step #1a: Install Docker

curl -sfo /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y epel-release docker-ce
systemctl enable docker
systemctl start docker

Step #1b: Install build tools

yum install -y lorax anaconda-tui

Build the Image

Step #2: Generate the tarball

mkdir -p docker-dev-centos && cd docker-dev-centos

curl -sO http://centos.mirror.constant.com/7/isos/x86_64/CentOS-7-x86_64-NetInstall-1611.iso

curl -sO https://raw.githubusercontent.com/CentOS/sig-cloud-instance-build/master/docker/centos-7.ks

### prevent CentOS 7.3 from installing open-vm-tools-desktop
sed -i '/yum-plugin-ovl/a @platform-vmware --nodefaults' centos-7.ks

livemedia-creator --make-tar --no-virt \
--iso=CentOS-7-x86_64-NetInstall-1611.iso \
--ks=centos-7.ks \
--image-name=centos-root.tar.xz

When RHEL 7.3 is installed as a VMware guest, the installer (Anaconda) automatically detects the virtualization host and then installs the VMware Tools, which are irrelevant for containers.
@TWEAK – ref: https://access.redhat.com/discussions/2770061
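Step #2 fetches the ISO over plain HTTP from a mirror and the kickstart from a moving master branch, so it is worth checking both before they reach livemedia-creator. The helper below is an added example, not part of the original post; `verify_download` is a hypothetical name, and it assumes you hold a sha256sum-format checksum list obtained from a trusted channel.

```shell
#!/bin/sh
# Added example (not from the original post): verify a download against a
# checksum list in "HASH  FILENAME" format (the layout sha256sum prints).
# The list itself must come from a source you trust, e.g. fetched over
# HTTPS or checked against its detached signature.

# verify_download FILE SUMS_FILE
# Returns 0 only if SUMS_FILE has exactly one entry for FILE's basename
# and that entry equals the SHA-256 of FILE.
#   1 = hash mismatch, 2 = missing input, 3 = no entry or ambiguous entry
verify_download() {
    file=$1; sums=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    [ -f "$sums" ] || { echo "missing checksum list: $sums" >&2; return 2; }
    name=$(basename "$file")
    # Match the filename field exactly; sha256sum marks binary mode with '*'.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) print tolower($1) }' "$sums")
    count=$(printf '%s\n' "$expected" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one entry for $name, found $count" >&2
        return 3
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "CHECKSUM MISMATCH for $name" >&2
        return 1
    fi
    echo "OK $name"
}

# Usage (the checksum list file name is an assumption):
#   verify_download CentOS-7-x86_64-NetInstall-1611.iso sha256sum.txt || exit 1
```

The same check applies to the other artifacts this page downloads and then executes, such as dcos_generate_config.sh and the dcos CLI binary.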

Step #3a: Import tarball (no tag)

cat /var/tmp/centos-root.tar.xz | docker import - mycentos

Step #3b: Import tarball (with tag=datestamp)

STAMP=$(date +%Y-%m-%d)
cat /var/tmp/centos-root.tar.xz | docker import - mycentos:$STAMP
docker tag mycentos:$STAMP mycentos

Test the Image

docker run -it --rm mycentos /bin/bash

[root@05eaed83571f /]# rpm -qa | wc -l
141

Query packages

docker run -it --rm mycentos rpm -qa --queryformat "%{NAME}\t%{VERSION}\t%{RELEASE}\t%{ARCH}\n"

Profit!

Minimal Mesosphere DC/OS v1.9 (Single)

… (with tweak for running a tiny marathon-lb on the slave node)

Introduction

Mesosphere DC/OS is built on top of Apache Mesos, which is a leading open-source framework for distributed applications. The key design differentiation is its two-level scheduler which enables it to handle complex workloads like big-data analytics, grid computing, etc.

The official recommendation for a lab-install is Vagrant, which may not be available in many big enterprise environments (for obvious reasons).

In this article, we’ll go over the procedure for setting up a tiny DC/OS cluster on a single VM and demonstrate basic orchestration capability using the Marathon framework.

Requirements

  • One VM only! (for a resource constrained lab or laptop)
  • CentOS 7.3 Minimal + SELINUX Disabled + Firewall Disabled + IPv6 Disabled
  • Docker (docker-ce 17.06.0.ce)

Configuration

Host | Role | VM Size
mesos-single | bootstrap + master + slave + dcos-cli | 2 CPU, 6GB RAM, 60GB HDD

Prerequisites

NOTE: set proxy related environment variables if needed.

# only if proxy is needed
export http_proxy="http://192.168.20.225:3128"
export https_proxy="http://192.168.20.225:3128"
# get yum repo for docker-ce
curl -sfo /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo

# install docker-ce and other required packages
yum install -y epel-release docker-ce tar xz unzip curl ipset chrony
groupadd nogroup
# clean yum cache (optional)
yum clean all

# only if proxy is needed
# proxy needed - start
mkdir -p /etc/systemd/system/docker.service.d

cat > /etc/systemd/system/docker.service.d/override.conf << '__EOF__'
[Service]
Environment="HTTP_PROXY=http://192.168.20.225:3128"
Environment="HTTPS_PROXY=http://192.168.20.225:3128"
Environment="NO_PROXY=localhost,127.0.0.0/8,192.168.20.0/24,*.sudhaker.com"
__EOF__

systemctl daemon-reload
# proxy needed - end

# enable and start docker
systemctl enable docker
systemctl start docker

# add to host file if DNS doesn't resolve the hostname
tee -a /etc/hosts << '__EOF__'
192.168.20.80 mesos-single
__EOF__

To be run for bootstrap

Generate bootstrap

# create setup directory, download the install binary
mkdir /opt/dcos-setup && cd /opt/dcos-setup && curl -O https://downloads.dcos.io/dcos/stable/dcos_generate_config.sh

# create config directory 
mkdir -p genconf

# create ip-detect script; change 'ens192' if needed
cat > genconf/ip-detect << '__EOF__'
#!/usr/bin/env bash
set -o nounset -o errexit
export PATH=/usr/sbin:/usr/bin:$PATH
echo $(ip addr show ens192 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
__EOF__
chmod 755 genconf/ip-detect

### VERY IMPORTANT: validate that the following ip-detect is working
### if not then follow https://dcos.io/docs/1.9/administration/installing/custom/advanced/
###   to get a working script, must work consistently on this node
./genconf/ip-detect

# configuration yaml
cat > genconf/config.yaml << '__EOF__'
---
bootstrap_url: http://mesos-single:8081
cluster_name: dcos
exhibitor_storage_backend: static
master_discovery: static
master_list:
- 192.168.20.80
resolvers:
- 8.8.4.4
- 8.8.8.8
telemetry_enabled: 'false'
# only if proxy is needed
use_proxy: 'true'
http_proxy: http://192.168.20.225:3128
https_proxy: http://192.168.20.225:3128
no_proxy:
- localhost
- 127.0.0.0/8
- 192.168.20.0/24
- '*.sudhaker.com'
__EOF__

# generate bootstrap
bash dcos_generate_config.sh
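The ip-detect script above exits 0 with empty output when the interface name is wrong, because the failing pipeline sits inside `echo $(...)`, so running it once by eye is a weak check. The following added example (not from the original post or the DC/OS project; function names are hypothetical) runs the script several times and accepts it only if every run prints the same single IPv4 address. Rejecting loopback and link-local results is an assumption about what a usable node address is.

```shell
#!/bin/sh
# Added example: sanity-check genconf/ip-detect before generating the bootstrap.

# is_single_ipv4 STRING -> 0 if STRING is exactly one dotted quad, octets 0-255
is_single_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { bad = 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) bad = 1 }
        END { exit (bad || NR != 1) }'
}

# check_ip_detect SCRIPT [RUNS]
# Prints the detected address and returns 0 only if all RUNS agree.
check_ip_detect() {
    script=$1; runs=${2:-5}
    [ -x "$script" ] || { echo "not executable: $script" >&2; return 2; }
    first=""; i=1
    while [ "$i" -le "$runs" ]; do
        out=$("$script" 2>/dev/null) || { echo "run $i: non-zero exit" >&2; return 1; }
        is_single_ipv4 "$out" || { echo "run $i: bad output '$out'" >&2; return 1; }
        case $out in
            # Assumption: these can never be the address other nodes reach.
            127.*|169.254.*|0.*) echo "run $i: unusable address $out" >&2; return 1 ;;
        esac
        if [ -z "$first" ]; then first=$out; fi
        [ "$out" = "$first" ] || { echo "run $i: $out differs from $first" >&2; return 1; }
        i=$((i + 1))
    done
    echo "$first"
}

# Usage, from /opt/dcos-setup:
#   ip=$(check_ip_detect ./genconf/ip-detect 5) && echo "ip-detect is stable: $ip"
```

The printed address should also equal the entry under master_list in config.yaml.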

Launch bootstrap

# serve the bootstrap code-base using tiny nginx (alpine based)
docker pull nginx:alpine
docker run -d --restart=unless-stopped -p 8081:80 -v /opt/dcos-setup/genconf/serve:/usr/share/nginx/html:ro --name=dcos-bootstrap-nginx nginx:alpine

To be run for {master}

mkdir -p /tmp/dcos && cd /tmp/dcos && curl -O --noproxy '*' http://mesos-single:8081/dcos_install.sh && bash dcos_install.sh master && cd -

The installation progress can be seen at the Exhibitor URL, i.e. http://192.168.20.80:8181/

Install dcos-cli (while we are waiting for the master to come up).

mkdir -p ~/bin && cd ~/bin && curl -sfO https://downloads.dcos.io/binaries/cli/linux/x86-64/0.4.17/dcos && chmod 755 ~/bin/dcos && cd -

dcos config set core.dcos_url http://192.168.20.80
dcos auth login

To be run for {slave}

NOTE: this is the tweak for running the slave on the master node (not officially supported; may break in a future release).

export opt_mesos=$(ls -1d /opt/mesosphere/packages/mesos--*)
ln -s $opt_mesos/dcos.target.wants_slave/dcos-mesos-slave.service /etc/systemd/system
ln -s $opt_mesos/dcos.target.wants_slave/dcos-mesos-slave.service /etc/systemd/system/dcos.target.wants
systemctl start dcos-mesos-slave

DC/OS UI

Browse to http://192.168.20.80 (when ready – usually takes 5-to-10 minutes)

DC/OS v1.9 UI

Install the tiny marathon-lb (0.1 CPU, 128mb RAM)

IMPORTANT: dcos package based install won’t allow our proposed tiny configuration, so we’ll use marathon!

Export marathon json

# allow running on the slave and skip binding ports 80 and 443
cat > marathon-lb-internal.json << '__EOF__'
{ "marathon-lb":{ "name": "marathon-lb-internal", "instances": 1, "haproxy-group": "internal", "role": "", "bind-http-https": false} }
__EOF__
# export the marathon configuration (for tweaking)
dcos package describe --app --render marathon-lb --options=marathon-lb-internal.json > marathon-lb.json

Edit the JSON, either with sed or manually.
Set cpus to 0.1 and mem to 128 (more than enough for a demo setup).

sed -i 's/"cpus": 2/"cpus": 0.1/' marathon-lb.json
sed -i 's/ "mem": 1024/ "mem": 128/' marathon-lb.json

Let marathon deploy this app

dcos marathon app add marathon-lb.json

Install the demo app (dockercloud/hello-world)

Our demo app for this setup is dockercloud/hello-world

cat > dockercloud-hello-world.json << '__EOF__'
{
  "id": "dockercloud-hello-world",
  "container": {
    "type": "DOCKER",
    "docker": {
      "image": "dockercloud/hello-world",
      "network": "BRIDGE",
      "portMappings": [
        { "hostPort": 0, "containerPort": 80, "servicePort":10000 }
      ],
      "forcePullImage":true
    }
  },
  "instances": 2,
  "cpus": 0.1,
  "mem": 128,
  "healthChecks": [{
      "protocol": "HTTP",
      "path": "/",
      "portIndex": 0,
      "timeoutSeconds": 10,
      "gracePeriodSeconds": 10,
      "intervalSeconds": 2,
      "maxConsecutiveFailures": 10
  }],
  "labels":{
    "HAPROXY_GROUP":"internal"
  }
}
__EOF__

# deploy the demo app
dcos marathon app add dockercloud-hello-world.json

Browse to => http://192.168.20.80:10000/

or run the following command

for i in $(seq 1 5); do curl -sf http://192.168.20.80:10000/ | grep -oP "My hostname is [0-9,a-z]+"; done

Output:

My hostname is 705bc9fdf535
My hostname is d74cf174fff0
My hostname is 705bc9fdf535
My hostname is d74cf174fff0
My hostname is 705bc9fdf535

Summary

The single-node DC/OS setup has a lower (roughly 3 GB) resource/memory overhead and can be great for learning and for trying out simple container / micro-service workloads. It is possible to run additional non-distributed frameworks (like Jenkins) if adequate RAM is available.

Have fun!